Latest openSUSE Leap Vulnerabilities

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfi...
openSUSE Leap=15.5
SUSE Linux Enterprise High Performance Computing=15.0-sp5
SUSE SUSE Linux Enterprise Desktop=15-sp5
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 ...
SUSE Linux Enterprise Module for SAP Applications=15-sp1
openSUSE Leap=15.4
Suse Linux Enterprise Server=12-sp5
An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUS...
Opensuse Rmt-server<2.10
SUSE Manager Server=4.1
openSUSE Leap=15.3
openSUSE Leap=15.4
SUSE Linux Enterprise Server=15
SUSE Linux Enterprise Server=15-sp1
An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path componen...
openSUSE Leap=15.3
openSUSE Leap=15.4
openSUSE Leap Micro=5.2
SUSE Linux Enterprise Server=12-sp5
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
debian/uriparser
Uriparser Project Uriparser<0.9.6
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 5 more
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
debian/uriparser
Uriparser Project Uriparser<0.9.6
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 5 more
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. B...
rubygems/cgi<0.1.0.1
rubygems/cgi=0.2.0
rubygems/cgi=0.3.0
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
and 42 more
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby ap...
redhat/rh-ruby26-ruby<0:2.6.9-120.el7
redhat/rh-ruby30-ruby<0:3.0.4-149.el7
redhat/rh-ruby27-ruby<0:2.7.6-131.el7
Ruby-lang Date<2.0.1
Ruby-lang Date>=3.0.0<3.0.2
Ruby-lang Date>=3.1.0<3.1.2
and 46 more
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 all...
Suse Arpwatch<2.1a15
SUSE Manager Server=4.0
SUSE OpenStack Cloud Crowbar=9.0
SUSE Linux Enterprise Server=11-sp4
Suse Arpwatch<=2.1a15-169.5
openSUSE Factory
and 2 more
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue...
Opensuse Python-postorius<1.3.2-lp152.1.2
openSUSE Leap=15.2
Opensuse Python-postorius<=1.3.4-2.1
openSUSE Factory
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to...
Python-hyperkitty Project Python-hyperkitty<=1.3.2-lp152.2.3.1
openSUSE Leap=15.2
Python-hyperkitty Project Python-hyperkitty<1.3.4-5.1
openSUSE Factory
An Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their...
Opensuse Inn<=2.4.2-170.21.3.1
Suse Linux Enterprise Server=11-sp3
Opensuse Inn<2.6.2
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.2
An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory...
Suse Cups<1.3.9
SUSE Linux Enterprise Server=11-sp4
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Suse Cups<2.2.7
and 6 more
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
Intel Connman<1.39
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Leap=15.2
debian/connman
ubuntu/connman<1.36-2.1
and 3 more
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
Intel Connman<1.39
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Leap=15.2
debian/connman
ubuntu/connman<1.36-2.1
and 2 more
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server witho...
debian/sddm
debian/sddm<=0.18.1-1<=0.18.0-1
Sddm Project Sddm<0.19.0
openSUSE Leap=15.1
openSUSE Leap=15.2
Debian Debian Linux=9.0
and 2 more
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
Google Chrome<86.0.4240.183
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
Debian Debian Linux=10.0
openSUSE Leap=15.1
openSUSE Leap=15.2
and 1 more
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
Google Chrome<86.0.4240.183
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
Debian Debian Linux=10.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 3 more
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<86.0.4240.183
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
Debian Debian Linux=10.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 3 more
Google Chromium V8 Type Confusion Vulnerability
debian/chromium
Cefsharp Cefsharp<86.0.241
Google Chrome<86.0.4240.183
Microsoft Edge<86.0.622.63
Microsoft Edge<86.0.4240.183
openSUSE Backports SLE=15.0-sp1
and 7 more
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<86.0.4240.183
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
openSUSE Leap=15.2
Fedoraproject Fedora=32
and 3 more
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H...
Google Chrome<86.0.4240.183
Microsoft Windows
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
openSUSE Leap=15.2
and 2 more
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<86.0.4240.183
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
openSUSE Leap=15.2
Debian Debian Linux=10.0
and 3 more
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing ...
Samba Samba>=3.6.0<4.11.15
Samba Samba>=4.12.0<4.12.9
Samba Samba>=4.13.0<4.13.1
openSUSE Leap=15.1
openSUSE Leap=15.2
Fedoraproject Fedora=32
and 5 more
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that...
debian/xen
Xen Xen>=3.2.0<=4.14.0
Fedoraproject Fedora=31
openSUSE Leap=15.1
openSUSE Leap=15.2
Debian Debian Linux=10.0
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing ...
debian/xen
Xen Xen>=4.2.0<=4.14.0
openSUSE Leap=15.1
openSUSE Leap=15.2
Debian Debian Linux=10.0
Fedoraproject Fedora=31
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table...
debian/xen
Xen Xen<=4.14.0
openSUSE Leap=15.1
openSUSE Leap=15.2
Fedoraproject Fedora=31
Debian Debian Linux=10.0
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
ImageMagick ImageMagick=7.0.10-34
Debian Debian Linux=9.0
openSUSE Leap=15.2
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e9950...
Linux Linux kernel>=2.6.12<4.4.244
Linux Linux kernel>=4.5.0<4.9.244
Linux Linux kernel>=4.10.0<4.14.207
Linux Linux kernel>=4.15.0<4.19.155
Linux Linux kernel>=4.20.0<5.4.75
Linux Linux kernel>=5.5.0<5.9.5
and 122 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
debian/openjdk-11
debian/openjdk-8
IBM Cloud Pak for Automation<=20.0.3-IF002
IBM Cloud Pak for Automation<=21.0.1
Oracle JDK=1.7.0-update271
Oracle JDK=1.8.0-update261
and 21 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 33 more
An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.80-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 38 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unkno...
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 33 more
Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed ...
Mozilla Firefox<82
<82
<78.4
<78.4
Mozilla Firefox<82.0
Mozilla Firefox ESR<78.4
and 8 more
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 36 more
An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2
redhat/java<11-openjdk-1:11.0.9.11-0.el8_0
and 39 more
An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown at...
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 30 more
An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown...
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 34 more
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSE...
PowerDNS Recursor<4.1.18
PowerDNS Recursor>=4.2.0<4.2.5
PowerDNS Recursor>=4.3.0<4.3.5
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
and 1 more
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, ...
Sylabs Singularity>=3.1.1<=3.6.3
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
openSUSE Leap=15.2
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Den...
Kde Kdeconnect<20.08.2
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
openSUSE Leap=15.2
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
Zabbix Zabbix>=2.2.0<3.0.31
Zabbix Zabbix=3.2.0
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
openSUSE Leap=15.2
and 1 more
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in...
Wireshark Wireshark>=3.0.0<=3.0.13
Wireshark Wireshark>=3.2.0<=3.2.6
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
openSUSE Leap=15.1
and 2 more
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF chec...
Wireshark Wireshark>=2.6.0<=2.6.20
Wireshark Wireshark>=3.0.0<=3.0.13
Wireshark Wireshark>=3.2.0<=3.2.6
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 13 more
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of ...
Wireshark Wireshark>=2.6.0<=2.6.20
Wireshark Wireshark>=3.0.0<=3.0.13
Wireshark Wireshark>=3.2.0<=3.2.6
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 13 more
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled number of times.
Nextcloud Preferred Providers=1.7.0
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
openSUSE Leap=15.2
A double-free vulnerability was found in bluez-5.54's gatttool disconnect_cb() routine from /src/shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during s...
BlueZ BlueZ<5.55
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Leap=15.1
openSUSE Leap=15.2
redhat/bluez<5.55
and 9 more
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function with a 12-byte IV, only the first 7 bytes of the IV are actually used...
PHP PHP>=7.2.0<7.2.34
PHP PHP>=7.3.0<7.3.23
PHP PHP>=7.4.0<7.4.11
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 18 more
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefi...
debian/php7.3
debian/php7.4
ubuntu/php5<5.5.9+dfsg-1ubuntu4.29+
ubuntu/php7.0<7.0.33-0ubuntu0.16.04.16
ubuntu/php7.2<7.2.24-0ubuntu0.18.04.7
ubuntu/php7.4<7.4.3-4ubuntu2.4
and 19 more
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certi...
Tigervnc Tigervnc<1.11.0
Debian Debian Linux=9.0
openSUSE Leap=15.2

© 2024 SecAlerts Pty Ltd.